package com.example.securitysmslogin.controller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Map;

@RestController
public class SmsCodeController {
    private static final Logger logger = LoggerFactory.getLogger(SmsCodeController.class);

    @RequestMapping("/sms/code")
    public void code(String mobile, HttpSession session) {
        String code = (int) Math.ceil(Math.random() * 9000 + 1000) + "";
        //实际开发建议将验证码保存在redis中并设置超时时间，这里为了方便演示，就不引入redis了
        session.setAttribute("mobile", mobile);
        session.setAttribute("smsCode", code);
        //这里为了方便，就不真的发短信了，直接把验证码打印出来，本篇博客的主要目的不是发短信，而是Security配置短信认证
        logger.info("{} 设置短信验证码：{}", mobile, code);
    }
}
